Practice Test #5 - AWS Certified Cloud Practitioner - Results (Stephen) Flashcards
According to the Shared Responsibility Model, which of the following is both the responsibility of AWS and the customer? (Select two)
A. Customer data
B. Data Center Security
C. Configuration Management
D. Disposal of Disk Drives
E. Operating System (OS) Configuration
C. Configuration Management
E. Operating System (OS) Configuration
Explanation:
Configuration management
Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services.
Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
Operating system (OS) configuration
The customers are responsible for “Security IN the cloud”. It includes customer data, as well as the guest operating system configuration.
OS configuration as a whole is a shared responsibility, but be careful: the host OS configuration is the responsibility of AWS, and the guest OS configuration is the responsibility of the customer.
Exam Alert:
Please review the Shared Responsibility Model in detail as you can expect multiple questions on the shared responsibility model in the exam: via - https://aws.amazon.com/compliance/shared-responsibility-model/
Incorrect options:
Customer data
Data center security
Disposal of disk drives
AWS is responsible for “Security OF the cloud”. It includes the infrastructure, which is composed of the hardware, software, networking, and facilities that run AWS Cloud services. It includes the disposal and the replacement of disk drives as well as data center security.
A company needs to keep sensitive data in its own data center due to compliance but would still like to deploy resources using AWS. Which Cloud deployment model does this refer to?
A. On-Premises
B. Private Cloud
C. Hybrid Cloud
D. Public Cloud
C. Hybrid Cloud
Explanation:
Hybrid Cloud
A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud. The most common method of hybrid deployment is between the cloud and existing on-premises infrastructure to extend, and grow, an organization’s infrastructure into the cloud while connecting cloud resources to the internal system.
Overview of Cloud Computing Deployment Models: via - https://aws.amazon.com/types-of-cloud-computing/
Incorrect options:
Public Cloud - A public cloud-based application is fully deployed in the cloud and all parts of the application run in the cloud. Applications in the cloud have either been created in the cloud or have been migrated from an existing infrastructure to take advantage of the benefits of cloud computing.
Private Cloud - Unlike a Public cloud, a Private cloud enables businesses to obtain IT services that are provisioned and customized according to their precise needs. The business can also consume these IT services securely and reliably over a private IT infrastructure.
On-premises - This is not a cloud deployment model. When an enterprise opts for on-premises, it needs to create, upgrade, and scale the on-premises IT infrastructure by investing in sophisticated hardware, compatible software, and robust services. Also, the business needs to deploy dedicated IT staff to maintain, scale, and manage the on-premises infrastructure continuously.
An organization would like to copy data across different Availability Zones (AZs) using EBS snapshots. Where are EBS snapshots stored in the AWS Cloud?
A. Amazon S3
B. Amazon EFS
C. Amazon RDS
D. Amazon EC2
A. Amazon S3
Explanation:
Amazon S3
You can create a point-in-time snapshot of an EBS volume and use it as a baseline for new volumes or data backup. If you make periodic snapshots of a volume, the snapshots are incremental—the new snapshot saves only the blocks that have changed since your last snapshot.
You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots.
Incorrect options:
Amazon EC2 - Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. EBS snapshots cannot be stored on Amazon EC2.
Amazon RDS - Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. EBS snapshots cannot be stored on Amazon RDS.
Amazon EFS - Amazon Elastic File System (Amazon EFS) provides a simple, scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources. EBS snapshots cannot be stored on Amazon EFS.
A production company would like to establish an AWS managed VPN service between its on-premises network and AWS. Which item needs to be set up on the company’s side?
A. A VPC Endpoint Interface
B. A virtual private gateway
C. A customer gateway
D. A security group
C. A customer gateway
Explanation:
A customer gateway
A customer gateway device is a physical or software appliance on your side of a Site-to-Site VPN connection. You or your network administrator must configure the device to work with the Site-to-Site VPN connection.
You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.
Schema: via - https://docs.aws.amazon.com/vpn/latest/s2svpn/your-cgw.html
Incorrect options:
A security group - A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. It is not a component of a connection between an on-premises network and AWS.
A VPC endpoint interface - An interface VPC endpoint (interface endpoint) enables you to connect to services powered by AWS PrivateLink. It is not a component of a connection between an on-premises network and AWS.
A virtual private gateway - A virtual private gateway device is a physical or software appliance on the AWS side of a Site-to-Site VPN connection.
A production company with predictable usage would like to reduce the cost of its Amazon EC2 instances by using reserved instances. Which of the following length terms are available for Amazon EC2 reserved instances? (Select TWO)
A. 5 years
B. 2 years
C. 1 year
D. 5 months
E. 3 years
C. 1 year
E. 3 years
Explanation:
1 year
3 years
Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. Besides, when Reserved Instances are assigned to a specific Availability Zone, they provide a capacity reservation, giving you additional confidence in your ability to launch instances when you need them.
Standard and Convertible reserved instances can be purchased for a 1-year or 3-year term.
EC2 Pricing Options Overview: via - https://aws.amazon.com/ec2/pricing/
Incorrect options:
6 months - It is not possible to reserve instances for 6 months.
5 years - It is not possible to reserve instances for 5 years.
2 years - It is not possible to reserve instances for 2 years.
A corporation would like to have a central user portal to log in to third-party business applications as well as accounts managed under AWS Organizations. As a Cloud Practitioner, which AWS service would you use for this task?
A. AWS Cognito
B. AWS Single Sign On (SSO)
C. AWS Identity and Access Management (IAM)
D. AWS Command Line Interface (CLI)
B. AWS Single Sign On (SSO)
Explanation:
AWS Single Sign-On (SSO)
AWS SSO is an AWS service that makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place.
With AWS SSO, you can easily manage SSO access and user permissions to all of your accounts in AWS Organizations centrally. AWS SSO allows you to create and manage user identities in AWS SSO’s identity store, or easily connect to your existing identity source including Microsoft Active Directory, Azure Active Directory (Azure AD), and Okta Universal Directory.
You can use AWS SSO to quickly and easily assign and manage your employees’ access to multiple AWS accounts, SAML-enabled cloud applications (such as Salesforce, Office 365, and Box), and custom-built in-house applications, all from a central place.
How AWS SSO works: via - https://aws.amazon.com/single-sign-on/
Incorrect options:
AWS Cognito - Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With Amazon Cognito, you also have the option to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. It is an identity management solution for customers/developers building B2C or B2B apps for their customers.
AWS Identity and Access Management (IAM) - AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. It is not used to log in but to manage users and roles.
AWS Command Line Interface (CLI) - The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. It is not a central user portal.
Which of the following statements is CORRECT regarding the scope of an Amazon Virtual Private Cloud (VPC)?
A. A VPC spans all Availability Zones (AZs) within a region
B. A VPC spans all regions within an Availability Zone (AZ)
C. A VPC spans all subnets in all regions
D. A VPC spans all Availability Zones (AZs) in all regions
A. A VPC spans all Availability Zones (AZs) within a region
Explanation:
A VPC spans all Availability Zones (AZs) within a region
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
A VPC spans all Availability Zones (AZs) within a region.
Incorrect options:
A VPC spans all subnets in all regions - A VPC is located within a region.
A VPC spans all Availability Zones (AZs) in all regions - A VPC is located within a region.
A VPC spans all regions within an Availability Zone (AZ) - AWS has the concept of a Region, which is a physical location around the world where AWS clusters data centers. Each AWS Region consists of multiple (two or more), isolated, and physically separate AZs within a geographic area. An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. Therefore, regions cannot be within an Availability Zone. Moreover, a VPC is located within a region.
AWS Regions and Availability Zones Overview:
A company would like to reserve EC2 compute capacity for three years to reduce costs. The company also plans to increase their workloads during this period. As a Cloud Practitioner, which EC2 Reserved Instance type would you recommend?
A. Scheduled Reserved Instances
B. Adaptable Reserved Instances
C. Standard Reserved Instances
D. Convertible Reserved Instances
D. Convertible Reserved Instances
Explanation:
Convertible Reserved Instances
Purchase Convertible Reserved Instances if you need additional flexibility, such as the ability to use different instance families, operating systems, or tenancies over the Reserved Instance term. Convertible Reserved Instances provide you with a significant discount (up to 54%) compared to On-Demand Instances and can be purchased for a 1-year or 3-year term.
Convertible Reserved Instances can be useful when workloads are likely to change. In this case, a Convertible Reserved Instance enables you to adapt as needs evolve while still obtaining discounts and capacity reservations.
EC2 Pricing Options Overview: via - https://aws.amazon.com/ec2/pricing/
Incorrect options:
Standard Reserved Instances - Standard Reserved Instances provide you with a significant discount (up to 72%) compared to On-Demand Instance pricing, and can be purchased for a 1-year or 3-year term. Standard Reserved Instances do not offer as much flexibility as Convertible Reserved Instances (such as not being able to change the instance family type), and therefore are not best-suited for this use case.
Review the differences between Standard Reserved Instances and Convertible Reserved Instances: https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-reservation-models/standard-vs.-convertible-offering-classes.html
Scheduled Reserved Instances - AWS does not support Scheduled Reserved Instances, so this option is ruled out.
Adaptable Reserved Instances - Adaptable Reserved Instances are not a valid type of reserved instances. It is a distractor.
A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?
A. Amazon Inspector
B. AWS Personal Health Dashboard
C. AWS Trusted Advisor
D. AWS Systems Manager
D. AWS Systems Manager
Explanation:
AWS Systems Manager
AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources. You can create logical groups of resources such as applications, different layers of an application stack, or production versus development environments.
With Systems Manager, you can select a resource group and view its recent API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status. You can also take action on each resource group depending on your operational needs. Systems Manager provides a central place to view and manage your AWS resources, so you can have complete visibility and control over your operations.
How AWS Systems Manager works: via - https://aws.amazon.com/systems-manager/
Incorrect options:
Amazon Inspector - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It is not used to get operational insights of AWS resources.
AWS Personal Health Dashboard - AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that might affect you. It is not used to get operational insights of AWS resources.
AWS Trusted Advisor - AWS Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices. It is not used to get operational insights of AWS resources.
Which of the following AWS Support plans is the MOST cost-effective when getting enhanced technical support by Cloud Support Engineers?
A. Enterprise
B. Basic
C. Business
D. Developer
C. Business
Explanation:
AWS recommends Business Support if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. You get full access to AWS Trusted Advisor Best Practice Checks. It is also the cheapest support plan that provides enhanced technical support by Cloud Support Engineers.
AWS Business Support Plan Offerings:
Exam Alert:
Please review the differences between the Developer, Business, and Enterprise support plans as you can expect at least a couple of questions on the exam:
via - https://aws.amazon.com/premiumsupport/plans/
Incorrect options:
Developer - AWS recommends Developer Support if you are testing or doing early development on AWS and want the ability to get technical support during business hours as well as general architectural guidance as you build and test. It provides enhanced technical support, but by Cloud Support Associates.
Basic - A basic support plan is included for all AWS customers. It does not provide enhanced technical support.
Enterprise - AWS Enterprise Support provides customers with concierge-like service where the main focus is helping the customer achieve their outcomes and find success in the cloud. With Enterprise Support, you get 24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance delivered in the context of your applications and use-cases, and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts. It provides enhanced technical support by Cloud Support Engineers, but is more expensive than the Business support plan.
Which AWS tool can provide best practice recommendations for performance, service limits, and cost optimization?
A. Amazon CloudWatch
B. Amazon Inspector
C. AWS Service Health Dashboard
D. AWS Trusted Advisor
D. AWS Trusted Advisor
Explanation:
AWS Trusted Advisor
AWS Trusted Advisor is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.
How AWS Trusted Advisor works: via - https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
Incorrect options:
Amazon Inspector - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on your Amazon EC2 instances. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. Nevertheless, it does not provide best practice recommendations.
AWS Service Health Dashboard - AWS Service Health Dashboard publishes most up-to-the-minute information on the status and availability of all AWS services in tabular form for all Regions that AWS is present in. It does not provide best practice recommendations.
Amazon CloudWatch - Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. This is an excellent service for building Resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch. CloudWatch does not provide best practice recommendations.
Which of the following statements is an AWS best practice when architecting for the Cloud?
A. Close Coupling
B. Servers, not services
C. Security comes last
D. Automation
D. Automation
Explanation:
Automation
Automation should be implemented to improve both your system’s stability and the efficiency of your organization. There are many services to automate application architecture (AWS Elastic Beanstalk, Auto Scaling, AWS Lambda, etc.) to ensure more resiliency, scalability, and performance.
Incorrect options:
Servers, not services - The correct best practice is: “Services, not servers”. AWS recommends developing, managing, and operating applications, especially at scale, using the broad set of compute, storage, database, analytics, application, and deployment services offered by AWS to move faster and lower IT costs.
Close coupling - The correct best practice is: “Loose coupling”. AWS recommends that, as application complexity increases, IT systems should be designed in a way that reduces interdependencies. Therefore, a change or a failure in one component should not cascade to other components.
Security comes last - AWS offers many simple ways to improve your security. Therefore, you should take advantage of them and implement a high level of security from the start.
Which of the following AWS services can be used to generate, use, and manage encryption keys on the AWS Cloud?
A. AWS Secrets Manager
B. AWS GuardDuty
C. Amazon Inspector
D. AWS CloudHSM
D. AWS CloudHSM
Explanation:
AWS CloudHSM
The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud.
CloudHSM allows you to securely generate, store, and manage cryptographic keys used for data encryption in a way that keys are accessible only by you.
How AWS CloudHSM works: via - https://aws.amazon.com/cloudhsm/
Incorrect options:
Amazon Inspector - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. It cannot be used to generate, use, and manage encryption keys.
AWS GuardDuty - Amazon GuardDuty is a threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It cannot be used to generate, use, and manage encryption keys.
AWS Secrets Manager - AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. It is integrated with AWS CloudHSM to generate, use, and manage encryption keys.
According to the Shared Responsibility Model, which of the following is a responsibility of the customer?
A. Firewall & networking configuration in EC2
B. Edge Locations Security
C. Managing DynamoDB
D. Protecting hardware infrastructure
A. Firewall & networking configuration in EC2
Explanation:
Firewall & networking configuration in EC2
The customers are responsible for “Security IN the cloud”. It includes the configuration of the operating system, network & firewall of applications.
Exam Alert:
Please review the Shared Responsibility Model in detail as you can expect multiple questions on the shared responsibility model in the exam: via - https://aws.amazon.com/compliance/shared-responsibility-model/
Incorrect options:
Managing DynamoDB - DynamoDB is a fully managed service. AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.
Protecting hardware infrastructure
Edge locations security
AWS is responsible for “Security OF the cloud”. It includes the infrastructure, which is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
According to the Well-Architected Framework, which of the following actions is recommended in the Security pillar?
A. Use AWS Cost Explorer to view and track your usage in detail
B. Use Amazon CloudWatch to measure overall efficiency
C. Use AWS KMS to encrypt data
D. Use AWS CloudFormation to automate security best practices
C. Use AWS KMS to encrypt data
Explanation:
Use AWS KMS to encrypt data
The Security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
Encrypting data is part of the design principle “Protect data in transit and at rest”: Classify your data into sensitivity levels and use mechanisms, such as encryption, tokenization, and access control where appropriate.
AWS Key Management Service (AWS KMS) makes it easy for you to create and control keys used for encryption. It is a key service of the Security pillar.
The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for you to consistently measure your architectures against best practices and identify areas for improvement.
The AWS Well-Architected Framework is based on six pillars — Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization and Sustainability.
Overview of the six pillars of the Well-Architected Framework:
via - https://aws.amazon.com/architecture/well-architected/
Incorrect options:
Use AWS Cost Explorer to view and track your usage in detail - AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. Using Cost Explorer to view and track your usage in detail relates more to the Cost Optimization pillar.
Use Amazon CloudWatch to measure overall efficiency - Amazon CloudWatch is a monitoring and management service built for developers, system operators, site reliability engineers (SRE), and IT managers. Using Amazon CloudWatch to measure overall efficiency relates more to the Reliability pillar.
Use AWS CloudFormation to automate security best practices - AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. It is not used to automate security best practices. If you want to automate security best practices, you should use Amazon Inspector.
Which AWS tool/service will help you define your cloud infrastructure using popular programming languages such as Python and JavaScript?
A. AWS Elastic Beanstalk
B. AWS CodeBuild
C. AWS CloudFormation
D. AWS Cloud Development Kit (CDK)
D. AWS Cloud Development Kit (CDK)
Explanation:
AWS Cloud Development Kit (CDK) - The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define your cloud application resources using familiar programming languages.
AWS CDK uses the familiarity and expressive power of programming languages for modeling your applications. It provides you with high-level components called constructs that preconfigure cloud resources with proven defaults, so you can build cloud applications without needing to be an expert. AWS CDK provisions your resources in a safe, repeatable manner through AWS CloudFormation. It also enables you to compose and share your own custom constructs that incorporate your organization’s requirements, helping you start new projects faster.
In short, you use the AWS CDK framework to author AWS CDK projects which are executed to generate CloudFormation templates.
How CDK works: via - https://aws.amazon.com/cdk/
Incorrect options:
AWS Elastic Beanstalk - AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python etc. You can simply upload your code in a programming language of your choice and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring.
AWS CloudFormation - AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources, and provision and manage them in an orderly and predictable fashion. AWS CloudFormation is designed to allow resource lifecycles to be managed repeatably, predictably, and safely, while allowing for automatic rollbacks, automated state management, and management of resources across accounts and regions. AWS CDK lets you write the same infrastructure in higher-level languages and converts it into CloudFormation templates.
AWS CodeBuild - AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.
An e-commerce company would like to build a chatbot for its customer service using Natural Language Understanding (NLU). As a Cloud Practitioner, which AWS service would you use?
A. Amazon Rekognition
B. Amazon Comprehend
C. Amazon SageMaker
D. Amazon Lex
D. Amazon Lex
Explanation:
Amazon Lex - Amazon Lex is a service for building conversational interfaces using voice and text. Powered by the same conversational engine as Alexa, Amazon Lex provides high-quality speech recognition and language understanding capabilities, enabling the addition of sophisticated, natural language ‘chatbots’ to new and existing applications.
Amazon Lex Use Cases:
via - https://aws.amazon.com/lex/
Incorrect options:
Amazon Rekognition - With Amazon Rekognition, you can identify objects, people, text, scenes, and activities in images and videos, as well as detect any inappropriate content. Amazon Rekognition also provides highly accurate facial analysis and facial search capabilities that you can use to detect, analyze, and compare faces for a wide variety of user verification, people counting, and public safety use cases.
Amazon SageMaker - Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning.
Amazon Comprehend - Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find meaning and insights in text. Natural Language Processing (NLP) is a way for computers to analyze, understand, and derive meaning from textual information in a smart and useful way. By utilizing NLP, you can extract important phrases, sentiment, syntax, key entities such as brand, date, location, person, etc., and the language of the text.
The IT infrastructure at a university is deployed on AWS Cloud and it’s experiencing a read-intensive workload. As a Cloud Practitioner, which AWS service would you use to take the load off databases?
A. AWS Glue
B. Amazon ElastiCache
C. Amazon Relational Database Service (RDS)
D. Amazon EMR
B. Amazon ElastiCache
Explanation:
Amazon ElastiCache
Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory caches, instead of relying entirely on slower disk-based databases.
If EC2 instances are intensively reading data from a database, ElastiCache can cache some values to take the load off the database.
How Amazon ElastiCache works: via - https://aws.amazon.com/elasticache/
Incorrect options:
Amazon Relational Database Service (RDS) - Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. It cannot be used to take the load off databases. However, ElastiCache is often used with RDS to take the load off RDS.
AWS Glue - AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics. An AWS Glue job is meant to be used for batch ETL data processing. It cannot be used to take the load off the databases.
Amazon EMR - Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. It cannot be used to take the load off the databases.
Which of the following billing timeframes is applied when running a Windows EC2 on-demand instance?
A. Pay per day
B. Pay per hour
C. Pay per second
D. Pay per minute
C. Pay per second
Explanation:
Pay per second
With On-Demand instances you only pay for EC2 instances you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs.
When running a Windows EC2 on-demand instance, pay per second pricing is applied.
Incorrect options:
Pay per hour - When running a Windows EC2 on-demand instance, pay per second pricing is applied. Windows-based EC2 instances used to follow pay-per-hour pricing earlier.
Pay per minute - Pay per minute pricing is not available for Windows EC2 on-demand instances, or any other type of on-demand EC2 instance.
Pay per day - Pay per day pricing is not available for Windows EC2 on-demand instances, or any other type of on-demand EC2 instance.
A Cloud Practitioner would like to deploy identical resources across all regions and accounts using templates while estimating costs. Which AWS service can assist with this task?
A. AWS CloudFormation
B. AWS CodeDeploy
C. AWS Directory Service
D. Amazon LightSail
A. AWS CloudFormation
Explanation:
AWS CloudFormation
AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
You can use the AWS CloudFormation sample templates or create your own templates to describe your AWS resources, and any associated dependencies or runtime parameters, required to run your application. This provides a single source of truth for all your resources and helps you to standardize infrastructure components used across your organization, enabling configuration compliance and faster troubleshooting.
CloudFormation templates allow you to estimate the cost of your resources.
How AWS CloudFormation works: via - https://aws.amazon.com/cloudformation/
Incorrect options:
AWS Directory Service - AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. It is not used to deploy resources.
Amazon LightSail - Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. It is not well suited to deploying more complex resources, whereas CloudFormation is.
AWS CodeDeploy - AWS CodeDeploy is a service that automates code deployments to any instance, including EC2 instances and instances running on-premises. Unlike CloudFormation, it does not deal with infrastructure configuration and orchestration.
Which of the following options are the benefits of using AWS Elastic Load Balancing (ELB)? (Select TWO)
A. Storage
B. Fault Tolerance
C. Agility
D. High Availability
E. Less Costly
B. Fault Tolerance
D. High Availability
Explanation:
High availability
Fault tolerance
Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones.
Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant: Application Load Balancer (best suited for HTTP and HTTPS traffic), Network Load Balancer (best suited for TCP traffic), and Classic Load Balancer.
Incorrect options:
Agility - Agility refers to new IT resources being only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. AWS Elastic Load Balancing does not help with agility.
Less costly - AWS Elastic Load Balancing does not help with reducing costs.
Storage - AWS Elastic Load Balancing does not offer storage benefits. It is not a storage-related service.
According to the Shared Responsibility Model, which of the following are responsibilities of AWS? (Select two)
A. Installing security patches of the guest operating system (OS)
B. Encrypting application data
C. Configuring IAM Roles
D. Network Operability
E. Data Center Security
D. Network Operability
E. Data Center Security
Explanation:
Data center security
Network operability
AWS responsibility “Security OF the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Exam Alert:
Please review the Shared Responsibility Model in detail as you can expect multiple questions on the shared responsibility model in the exam: via - https://aws.amazon.com/compliance/shared-responsibility-model/
Incorrect options:
Installing security patches of the guest operating system (OS) - The customers are responsible for patching their guest OS.
Please review the IT controls under the Shared Responsibility Model: via - https://aws.amazon.com/compliance/shared-responsibility-model/
Encrypting application data - The customers are responsible for encrypting application data.
Configuring IAM Roles - The customers are responsible for configuring IAM Roles.
Which types of monitoring can be provided by Amazon CloudWatch? (Select TWO)
A. Application Performance
B. API Access
C. Resource Utilization
D. Performance and Availability of AWS Services
E. Account Management
A. Application Performance
C. Resource Utilization
Explanation:
Application performance
Resource utilization
Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate.
You can use Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application running smoothly.
How Amazon CloudWatch works: via - https://aws.amazon.com/cloudwatch/
Incorrect options:
API access - Recording API calls is a feature of CloudTrail, not CloudWatch.
Performance and availability of AWS services - The Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources, not CloudWatch.
Account management - Identity and Access Management (IAM) is usually used to manage accounts, not CloudWatch.
Which AWS service can be used to send, store, and receive messages between software components at any volume to decouple application tiers?
A. Amazon SQS
B. AWS Elastic Beanstalk
C. Amazon SNS
D. AWS Organizations
A. Amazon SQS
Explanation:
Amazon SQS
Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work.
Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
Incorrect options:
Amazon SNS - Amazon Simple Notification Service (Amazon SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.
Please review this reference architecture for building a decoupled order processing system using SNS and SQS: via - https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-sqs-and-amazon-sns/
AWS Elastic Beanstalk - AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services. You can simply upload your code, and AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. It is not used to send, store, and receive messages between software components.
AWS Organizations - AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts, automate account creation, and apply and manage policies for those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes. It is not used to send, store, and receive messages between software components.
A media company wants to enable customized content suggestions for the users of its movie streaming platform. Which AWS service can provide these personalized recommendations based on the historic data?
A. Amazon Personalize
B. Amazon Customize
C. Amazon SageMaker
D. Amazon Comprehend
A. Amazon Personalize
Explanation:
Amazon Personalize - Amazon Personalize enables developers to build applications with the same machine learning (ML) technology used by Amazon.com for real-time personalized recommendations. Amazon Personalize can be used to personalize the end-user experience over any digital channel. Examples include product recommendations for e-commerce, news articles and content recommendation for publishing, media and social networks, hotel recommendations for travel websites, credit card recommendations for banks, and match recommendations for dating sites. These recommendations and personalized experiences can be delivered over websites, mobile apps, or email/messaging. Amazon Personalize can also be used to customize the user experience when user interaction is over a physical channel, e.g., a meal delivery company could personalize weekly meals to users in a subscription plan.
Amazon Personalize supports the following key use cases:
Personalized recommendations
Similar items
Personalized reranking, i.e. rerank a list of items for a user
Personalized promotions/notifications
Incorrect options:
Amazon SageMaker - Amazon SageMaker is a fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. SageMaker removes the heavy lifting from each step of the machine learning process to make it easier to develop high-quality models.
Amazon Customize - There is no such service as Amazon Customize. This option has been added as a distractor.
Amazon Comprehend - Amazon Comprehend is a natural-language processing (NLP) service that uses machine learning to uncover information in unstructured data. Instead of combing through documents, the process is simplified and unseen information is easier to understand.
The service can identify critical elements in data, including references to language, people, and places, and the text files can be categorized by relevant topics. In real-time, you can automatically and accurately detect customer sentiment in your content.
A company would like to create a private, high-bandwidth network connection between its on-premises data centers and AWS Cloud. As a Cloud Practitioner, which of the following options would you recommend?
A. VPC Endpoints
B. VPC Peering
C. Site to Site VPN
D. Direct Connect
D. Direct Connect
Explanation:
Direct Connect
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
How AWS Direct Connect works: via - https://aws.amazon.com/directconnect/
Incorrect options:
Site-to-Site VPN - By default, instances that you launch into an Amazon VPC can’t communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection. It uses the public internet and is therefore not suited for this use case.
VPC Endpoints - A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. It does not connect your on-premises data centers and AWS Cloud.
VPC Peering - A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. It is used to connect VPCs together, and not on-premises data centers and AWS Cloud.